Authentication
Learn how to authenticate your API requests using API keys. All API endpoints require authentication to ensure secure access to your data.
Getting an API Key
To use the MySSL API, you'll need to create an API key from your dashboard:
- Log in to your MySSL Dashboard
- Navigate to Settings
- Click on the "API Keys" section
- Click "Create New API Key"
- Give your key a descriptive name (e.g., "Production Server", "CI/CD Pipeline")
- Copy and securely store your API key
Important Security Notice
Your API key is displayed only once when created. Store it securely immediately.
If you lose it, you'll need to create a new key.
API Key Format
MySSL API keys follow a specific format for easy identification:
myssl_k_<random_string>Example: myssl_k_a1b2c3d4e5f6g7h8i9j0...
Making Authenticated Requests
Include your API key in the Authorization
header using the Bearer token scheme:
Authorization: Bearer myssl_k_your_api_key_hereExample Requests
cURL
curl -X GET https://myssl.info/api/v1/domains \
-H "Authorization: Bearer myssl_k_your_api_key_here" \
-H "Content-Type: application/json"Python
import requests
api_key = "myssl_k_your_api_key_here"
headers = {
"Authorization": f"Bearer {api_key}",
"Content-Type": "application/json"
}
response = requests.get(
"https://myssl.info/api/v1/domains",
headers=headers
)
print(response.json())JavaScript (Node.js)
const apiKey = "myssl_k_your_api_key_here";
const response = await fetch("https://myssl.info/api/v1/domains", {
method: "GET",
headers: {
"Authorization": `Bearer ${apiKey}`,
"Content-Type": "application/json"
}
});
const data = await response.json();
console.log(data);Authentication Errors
When authentication fails, the API returns one of the following error responses:
Returned when no API key is provided or the key format is invalid.
{
"error": "Authentication required",
"message": "Please provide a valid API key in the Authorization header"
}Returned when the provided API key doesn't exist or has been revoked.
{
"error": "Invalid API key",
"message": "The provided API key is invalid or has been revoked"
}Returned when the API key is valid but doesn't have permission for the requested resource.
{
"error": "Access denied",
"message": "Your API key doesn't have permission for this resource"
}API Key Management
You can manage your API keys from the dashboard. Each key can be:
- Named — give each key a descriptive name to identify its purpose.
- Tracked — view last used timestamp and request counts per key.
- Regenerated — generate a new key while keeping the same name and settings.
- Revoked — immediately disable a key if it's compromised.
Tip: Create separate API keys for different environments (development, staging, production) to track usage and limit blast radius if a key is compromised.
Security Best Practices
-
Never expose keys in client-side code
API keys should only be used in server-side code. Never include them in JavaScript running in the browser, mobile apps, or any client-facing code. -
Use environment variables
Store your API keys in environment variables or secure secret management systems. Never commit them to version control.Bashexport MYSSL_API_KEY="myssl_k_your_key_here" -
Rotate keys periodically
Regularly rotate your API keys, especially for production environments. Create a new key, update your applications, then revoke the old one. -
Monitor API key usage
Regularly check the usage statistics for your API keys in the dashboard. Unusual activity may indicate a compromised key. -
Revoke compromised keys immediately
If you suspect a key has been compromised, revoke it immediately from the dashboard. The key will be disabled instantly.
Next Steps
Now that you understand authentication, learn about rate limits or start making API requests.